Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Potentially Harmful Pop Ups!!!!!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Potentially Harmful Pop Ups!!!!!!

Unread postby Piankhi » January 9th, 2008, 3:57 pm

My Mcfee Site Advisor keeps getting potentially harmful pop ups and I am afraid my computer's security has been compromised. Please help me find out if Iam infected. I have tried running virus scans and adware removal programs like spyware blaster & avg anti spyware but the pop ups keep on coming.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:35 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Citrix\GoToAssist\480\G2AProcessFactory.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\QdrPack\QdrPack11.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: BndVeano4 BHO Class - {8E4881AC-49E2-4761-9542-7E40C73CFB96} - C:\Program Files\QdrDrive\QdrDrive9.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-2517665285-2625995320-2371751324-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Holly')
O4 - HKUS\S-1-5-21-2517665285-2625995320-2371751324-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Holly')
O4 - HKUS\S-1-5-21-2517665285-2625995320-2371751324-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Holly')
O4 - HKUS\S-1-5-21-2517665285-2625995320-2371751324-1008\..\Run: [kernel] C:\Program Files\kernel\kernel.exe (User 'Holly')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13086 bytes
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm
Advertisement
Register to Remove

Re: Potentially Harmful Pop Ups!!!!!!

Unread postby chryssi2001 » January 10th, 2008, 8:28 am

Hello Piankhi,

I will be assisting you with your malware issues.
Please be patient as I need some time to review your Hijackthis log and i will post back recommendations for repairs.

As I am still a trainee, everything that I post to you, must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

  • Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!
  • Please bookmark or favourite this page. In case you need it as reference or etc.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Potentially Harmful Pop Ups!!!!!!

Unread postby chryssi2001 » January 11th, 2008, 6:25 am

Hello Piankhi,

Remove/Disable one of your Anti Virus programs.
You are operating your computer with multiple Anti Virus programs running in memory at once:

McAfee
Symantec


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove/disable one of them.
I don't know if one of them expired. Please inform me but if you have both paid versions, you have to disable one.
If one of them expired uninstall it.
---------------------------------------------------
Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 3.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Click on the link named Java Runtime Environment (JRE) 6 Update 3
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation, Multi-language and save the downloaded file to your hard disk
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer
---------------------------------------------------
Download OTMoveIt by OldTimer to your Desktop.
  • Double click OTMoveIt.exe to launch it.
  • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
C:\Program Files\kernel

  • Click the Move It button.
  • The list will be processed and the results will appear in the right hand pane.
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • When finished click Exit to exit the program.
  • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).
  • Post the log back here please.
---------------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines(if still present).

O4 - HKUS\S-1-5-21-2517665285-2625995320-2371751324-1008\..\Run: [kernel] C:\Program Files\kernel\kernel.exe (User 'Holly')


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
---------------------------------------------------
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
---------------------------------------------------
Run HijackThis again.
---------------------------------------------------
Post back:
Information about the 2 Anti-Virus.
OTMoveIt report.
Combofix report.
A new HijackThis log.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Potentially Harmful Pop Ups!!!!!!

Unread postby Piankhi » January 11th, 2008, 3:50 pm

I had Norton Ghost on the system and removed it. My active Antivirus program is Mcafee.

See OT Move it report below:

File/Folder C:\Program Files\kernel not found.

Created on 01/11/2008 14:49:02

Combofix report beow:

ComboFix 08-01-11.1 - Family 2008-01-11 14:34:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1447 [GMT -5:00]
Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Family\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Family\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Family\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\ISM
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack11.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInstall.exe
C:\WINDOWS\b148.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-11 14:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 14:13 . 2008-01-11 14:13 <DIR> d-------- C:\Program Files\Sun
2008-01-11 14:13 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-11 14:10 . 2008-01-11 14:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-09 14:50 . 2008-01-09 14:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 23:02 . 2008-01-06 23:02 <DIR> d-------- C:\Program Files\FireTrust
2008-01-05 10:27 . 2008-01-05 10:27 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\Grisoft
2008-01-04 19:02 . 2008-01-11 12:48 <DIR> d-------- C:\Program Files\RcvSystem
2008-01-04 15:09 . 2008-01-04 15:09 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Grisoft
2008-01-03 21:21 . 2008-01-03 21:21 <DIR> d-------- C:\Documents and Settings\Holly\Application Data\Grisoft
2008-01-03 21:21 . 2008-01-03 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-03 21:21 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-03 21:11 . 2008-01-06 11:21 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-03 21:11 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-25 22:13 . 2007-12-25 22:13 <DIR> dr-h----- C:\Documents and Settings\Holly\Application Data\SecuROM
2007-12-25 22:13 . 2007-12-25 22:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-24 09:59 . 2007-12-24 09:59 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-24 09:59 . 2007-12-24 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-24 09:58 . 2007-12-24 09:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-18 23:03 . 2007-12-19 00:40 <DIR> d-------- C:\Program Files\EA GAMES
2007-12-18 22:32 . 2005-09-27 23:11 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-18 19:54 . 2007-12-18 19:54 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2007-12-18 10:18 . 2007-12-18 10:18 <DIR> d-------- C:\Program Files\The Weather Channel Toolbar
2007-12-18 10:18 . 2007-05-09 10:24 262,144 --a------ C:\WINDOWS\system32\TwcToolbarIe7.dll
2007-12-18 10:18 . 2007-05-09 09:41 73,728 --a------ C:\WINDOWS\system32\TwcToolbarBho.dll
2007-12-18 10:18 . 2007-05-09 09:42 25,600 --a------ C:\WINDOWS\system32\TwcToolInstDll.dll
2007-12-18 09:53 . 2007-12-20 09:43 <DIR> d-------- C:\Program Files\The Weather Channel FW
2007-12-18 09:46 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-16 22:39 . 2007-12-31 12:19 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-16 22:39 . 2007-12-16 22:44 <DIR> d-------- C:\Documents and Settings\Holly\Application Data\AdobeUM
2007-12-16 18:39 . 2008-01-03 14:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-16 18:39 . 2007-12-16 18:39 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-16 03:01 . 2007-12-16 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-15 23:35 . 2007-12-15 23:35 <DIR> d--hs---- C:\Documents and Settings\Holly\UserData
2007-12-15 23:05 . 2007-12-15 23:05 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\SiteAdvisor
2007-12-15 23:04 . 2007-12-15 23:04 <DIR> d-------- C:\Documents and Settings\Khalif\Application Data\SiteAdvisor
2007-12-15 20:24 . 2007-12-15 20:24 <DIR> d-------- C:\Documents and Settings\Family\Application Data\SiteAdvisor
2007-12-15 19:57 . 2008-01-11 14:23 13,292 --a------ C:\WINDOWS\system32\Config.MPF
2007-12-15 19:54 . 2007-12-15 19:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-15 19:53 . 2007-12-19 17:06 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-12-15 19:53 . 2007-12-15 19:53 <DIR> d-------- C:\Documents and Settings\Holly\Application Data\SiteAdvisor
2007-12-15 19:53 . 2007-12-15 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-15 19:52 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-12-15 19:52 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-12-15 19:52 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-12-15 19:52 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-12-15 19:52 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-12-15 19:52 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-12-15 19:51 . 2007-12-15 19:52 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-12-15 19:20 . 2007-12-16 17:36 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-15 19:20 . 2007-12-15 19:20 8 -r-hs---- C:\WINDOWS\system32\86681A87E8.sys
2007-12-15 16:26 . 2006-05-30 22:56 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\Symantec
2007-12-15 16:26 . 2007-12-15 16:26 <DIR> d--h----- C:\Documents and Settings\Wesley\Application Data\GTek
2007-12-15 16:04 . 2008-01-11 00:37 4,096 --ahs---- C:\VSNAP.IDX
2007-12-15 16:02 . 2006-05-30 22:56 <DIR> d-------- C:\Documents and Settings\Khalif\Application Data\Symantec
2007-12-15 16:02 . 2007-12-15 16:23 <DIR> d-------- C:\Documents and Settings\Khalif\Application Data\GTek
2007-12-15 15:42 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-15 15:39 . 2006-03-20 22:23 23,040 --------- C:\WINDOWS\kb913800.exe
2007-12-15 15:37 . 2006-12-06 23:14 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-12-15 15:36 . 2007-12-15 15:38 <DIR> d-------- C:\Documents and Settings\Holly\Application Data\GTek
2007-12-15 15:35 . 2006-05-30 22:56 <DIR> d-------- C:\Documents and Settings\Holly\Application Data\Symantec
2007-12-15 15:34 . 2007-12-15 15:34 4,128 --a------ C:\INFCACHE.1
2007-12-15 15:30 . 2007-12-15 15:34 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2007-12-15 15:30 . 2007-12-15 15:30 <DIR> d-------- C:\Temp
2007-12-15 15:27 . 2007-12-15 15:27 <DIR> d---s---- C:\Documents and Settings\Family\UserData
2007-12-15 15:14 . 2007-12-15 15:14 <DIR> d-------- C:\Program Files\Citrix
2007-12-15 15:14 . 2007-12-15 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2007-12-15 15:13 . 2007-12-15 15:13 <DIR> d-------- C:\WINDOWS\Sun
2007-12-15 15:13 . 2007-12-15 15:13 60,968 --a------ C:\Documents and Settings\Family\GoToAssistDownloadHelper.exe
2007-12-15 15:12 . 2007-12-15 15:12 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-15 15:11 . 2008-01-10 16:22 <DIR> d-------- C:\Program Files\Dl_cats
2007-12-15 15:11 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-12-15 15:11 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-12-15 15:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-15 15:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-15 15:11 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-15 15:11 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-15 15:11 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-15 15:11 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-15 15:11 . 2007-12-15 15:32 12,183 --a------ C:\WINDOWS\system32\LexFiles.ulf
2007-12-15 15:10 . 2007-12-15 15:10 <DIR> d-------- C:\Program Files\DellSupport
2007-12-15 12:08 . 2007-12-15 12:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\McAfee.com Personal Firewall
2007-12-15 12:08 . 2006-05-30 22:56 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Symantec
2007-12-15 12:08 . 2007-12-15 15:27 <DIR> d--h----- C:\Documents and Settings\Family\Application Data\Gtek
2007-12-15 12:07 . 2006-05-30 22:56 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2007-12-15 12:07 . 2006-05-30 22:55 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek
2007-12-15 12:03 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-15 12:03 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-15 12:03 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-15 12:03 . 2007-12-15 12:03 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 19:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-11 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-11 19:13 --------- d-----w C:\Program Files\Java
2007-12-18 15:15 --------- d-----w C:\Program Files\McAfee
2007-12-16 00:55 --------- d-----w C:\Program Files\McAfee.com
2007-12-16 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-16 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-15 20:34 --------- d-----w C:\Program Files\Google
2007-12-15 20:34 --------- d-----w C:\Program Files\Dell Photo AIO Printer 964
2007-12-15 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-15 20:27 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 10:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:39 228,864 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-11 05:57 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 05:57 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 05:57 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 05:57 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 05:57 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51 715888]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 19:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 19:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 19:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 02:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"@"="" []
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 14:49 1121280]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-05-30 23:04 169472]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26 110592]
"DLCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 04:40 73728]
"dlcjmon.exe"="C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-09-30 09:51 430080]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 01:12 286720]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-30 22:54 98304]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-30 22:49:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-12-15 15:14 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 23:30:01 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DBDBH2B1-Family).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-12-16 00:52:33 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-01 06:00:09 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 14:38:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCJCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 14:39:25
ComboFix-quarantined-files.txt 2008-01-11 19:39:15
.
2008-01-09 08:02:36 --- E O F ---
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Re: Potentially Harmful Pop Ups!!!!!!

Unread postby Piankhi » January 11th, 2008, 3:51 pm

New HJT report below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:31 PM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 11232 bytes
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Re: Potentially Harmful Pop Ups!!!!!!

Unread postby chryssi2001 » January 12th, 2008, 8:55 am

Hello Piankhi,

It surely looks a lot better :) . How is the pc running now?
------------------------------------------
Set Your Computer to Show All Files
  • Click Start.
  • Click My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading, select Show hidden files and folders.
  • Uncheck Hide protected operating system files (recommended).
  • Click Yes to confirm.
  • Uncheck the Hide file extensions for known file types.
  • Click OK.
In addition, go to Start, Search. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom.
Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.
------------------------------------------
Upload a File to Jotti
Please visit http://virusscan.jotti.org/

Copy/paste this file and path into the white box at the top:
C:\WINDOWS\system32\86681A87E8.sys

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.
------------------------------------------
COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Folder::
    C:\Documents and Settings\Wesley\Application Data\Symantec
    C:\Documents and Settings\Khalif\Application Data\Symantec
    C:\Documents and Settings\Holly\Application Data\Symantec
    C:\Temp
    C:\Documents and Settings\Family\Application Data\Symantec
    C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
    C:\Program Files\Common Files\Symantec Shared
    C:\Documents and Settings\All Users\Application Data\Symantec

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
------------------------------------------
Post back:
Jotti results
Combofix report.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Potentially Harmful Pop Ups!!!!!!

Unread postby Piankhi » January 12th, 2008, 2:12 pm

I keep getting a weird message I will type it now and then post the logs requested as well:
swreg.cfexe application error
instruction at ox7c9111de referenced memory at ox00200064 cannot be read.

above is the error message

Combo fix log below:

ComboFix 08-01-11.1 - Family 2008-01-12 12:57:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1360 [GMT -5:00]
Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Family\Desktop\CFScript.txt C:\Documents and Settings\Family\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Family\Application Data\Symantec
C:\Documents and Settings\Holly\Application Data\Symantec
C:\Documents and Settings\Khalif\Application Data\Symantec
C:\Documents and Settings\Wesley\Application Data\Symantec
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
C:\Temp
C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec

.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-11 14:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 14:13 . 2008-01-11 14:13 <DIR> d-------- C:\Program Files\Sun
2008-01-11 14:13 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-11 14:10 . 2008-01-11 14:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-09 14:50 . 2008-01-09 14:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 23:02 . 2008-01-06 23:02 <DIR> d-------- C:\Program Files\FireTrust
2008-01-05 10:27 . 2008-01-05 10:27 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\Grisoft
2008-01-04 19:02 . 2008-01-11 12:48 <DIR> d-------- C:\Program Files\RcvSystem
2008-01-04 15:09 . 2008-01-04 15:09 <DIR> d-------- C:\Documents and Settings\Family\Application Data\Grisoft
2008-01-03 21:21 . 2008-01-03 21:21 <DIR> d-------- C:\Documents and Settings\Holly\Application Data\Grisoft
2008-01-03 21:21 . 2008-01-03 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-03 21:21 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-03 21:11 . 2008-01-06 11:21 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-03 21:11 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-25 22:13 . 2007-12-25 22:13 <DIR> dr-h----- C:\Documents and Settings\Holly\Application Data\SecuROM
2007-12-25 22:13 . 2007-12-25 22:13 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-24 09:59 . 2007-12-24 09:59 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-24 09:59 . 2007-12-24 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-24 09:58 . 2007-12-24 09:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-18 23:03 . 2007-12-19 00:40 <DIR> d-------- C:\Program Files\EA GAMES
2007-12-18 22:32 . 2005-09-27 23:11 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-18 19:54 . 2007-12-18 19:54 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2007-12-18 10:18 . 2007-12-18 10:18 <DIR> d-------- C:\Program Files\The Weather Channel Toolbar
2007-12-18 10:18 . 2007-05-09 10:24 262,144 --a------ C:\WINDOWS\system32\TwcToolbarIe7.dll
2007-12-18 10:18 . 2007-05-09 09:41 73,728 --a------ C:\WINDOWS\system32\TwcToolbarBho.dll
2007-12-18 10:18 . 2007-05-09 09:42 25,600 --a------ C:\WINDOWS\system32\TwcToolInstDll.dll
2007-12-18 09:53 . 2007-12-20 09:43 <DIR> d-------- C:\Program Files\The Weather Channel FW
2007-12-18 09:46 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-16 22:39 . 2007-12-31 12:19 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-16 22:39 . 2007-12-16 22:44 <DIR> d-------- C:\Documents and Settings\Holly\Application Data\AdobeUM
2007-12-16 18:39 . 2008-01-03 14:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-16 18:39 . 2007-12-16 18:39 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-16 03:01 . 2007-12-16 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-15 23:35 . 2007-12-15 23:35 <DIR> d--hs---- C:\Documents and Settings\Holly\UserData
2007-12-15 23:05 . 2007-12-15 23:05 <DIR> d-------- C:\Documents and Settings\Wesley\Application Data\SiteAdvisor
2007-12-15 23:04 . 2007-12-15 23:04 <DIR> d-------- C:\Documents and Settings\Khalif\Application Data\SiteAdvisor
2007-12-15 20:24 . 2007-12-15 20:24 <DIR> d-------- C:\Documents and Settings\Family\Application Data\SiteAdvisor
2007-12-15 19:57 . 2008-01-12 11:54 13,462 --a------ C:\WINDOWS\system32\Config.MPF
2007-12-15 19:54 . 2007-12-15 19:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-15 19:53 . 2007-12-19 17:06 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-12-15 19:53 . 2007-12-15 19:53 <DIR> d-------- C:\Documents and Settings\Holly\Application Data\SiteAdvisor
2007-12-15 19:53 . 2007-12-15 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-15 19:52 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-12-15 19:52 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-12-15 19:52 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-12-15 19:52 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-12-15 19:52 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-12-15 19:52 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-12-15 19:51 . 2007-12-15 19:52 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-12-15 19:20 . 2007-12-16 17:36 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-15 19:20 . 2007-12-15 19:20 8 -r-hs---- C:\WINDOWS\system32\86681A87E8.sys
2007-12-15 16:26 . 2007-12-15 16:26 <DIR> d--h----- C:\Documents and Settings\Wesley\Application Data\GTek
2007-12-15 16:04 . 2008-01-11 00:37 4,096 --ahs---- C:\VSNAP.IDX
2007-12-15 16:02 . 2007-12-15 16:23 <DIR> d-------- C:\Documents and Settings\Khalif\Application Data\GTek
2007-12-15 15:42 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-15 15:39 . 2006-03-20 22:23 23,040 --------- C:\WINDOWS\kb913800.exe
2007-12-15 15:37 . 2006-12-06 23:14 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-12-15 15:36 . 2007-12-15 15:38 <DIR> d-------- C:\Documents and Settings\Holly\Application Data\GTek
2007-12-15 15:34 . 2007-12-15 15:34 4,128 --a------ C:\INFCACHE.1
2007-12-15 15:27 . 2007-12-15 15:27 <DIR> d---s---- C:\Documents and Settings\Family\UserData
2007-12-15 15:14 . 2007-12-15 15:14 <DIR> d-------- C:\Program Files\Citrix
2007-12-15 15:14 . 2007-12-15 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2007-12-15 15:13 . 2007-12-15 15:13 <DIR> d-------- C:\WINDOWS\Sun
2007-12-15 15:13 . 2007-12-15 15:13 60,968 --a------ C:\Documents and Settings\Family\GoToAssistDownloadHelper.exe
2007-12-15 15:12 . 2007-12-15 15:12 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-15 15:11 . 2008-01-10 16:22 <DIR> d-------- C:\Program Files\Dl_cats
2007-12-15 15:11 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-12-15 15:11 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-12-15 15:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-15 15:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-15 15:11 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-15 15:11 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-15 15:11 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-15 15:11 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-15 15:11 . 2007-12-15 15:32 12,183 --a------ C:\WINDOWS\system32\LexFiles.ulf
2007-12-15 15:10 . 2007-12-15 15:10 <DIR> d-------- C:\Program Files\DellSupport
2007-12-15 12:08 . 2007-12-15 12:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\McAfee.com Personal Firewall
2007-12-15 12:08 . 2007-12-15 15:27 <DIR> d--h----- C:\Documents and Settings\Family\Application Data\Gtek
2007-12-15 12:07 . 2006-05-30 22:55 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek
2007-12-15 12:03 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-15 12:03 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-15 12:03 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-15 12:03 . 2007-12-15 12:03 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-11 19:13 --------- d-----w C:\Program Files\Java
2007-12-18 15:15 --------- d-----w C:\Program Files\McAfee
2007-12-16 00:55 --------- d-----w C:\Program Files\McAfee.com
2007-12-16 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-16 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-15 20:34 --------- d-----w C:\Program Files\Google
2007-12-15 20:34 --------- d-----w C:\Program Files\Dell Photo AIO Printer 964
2007-12-15 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-15 20:27 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 10:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:39 228,864 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-11_14.38.47.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-11 19:34:06 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-12 17:57:41 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-11 19:34:06 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-12 17:57:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-11 19:34:06 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-12 17:57:41 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-11 19:34:06 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-12 17:57:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-11 19:34:06 2,600,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-12 17:57:42 2,600,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-11 19:34:06 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-12 17:57:42 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51 715888]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 19:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 19:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 19:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 02:12 94208]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 14:49 1121280]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-05-30 23:04 169472]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26 110592]
"DLCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 04:40 73728]
"dlcjmon.exe"="C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-09-30 09:51 430080]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 01:12 286720]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-30 22:54 98304]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-30 22:49:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-12-15 15:14 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 23:30:01 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DBDBH2B1-Family).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-12-16 00:52:33 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-01 06:00:09 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 13:00:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCJCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 13:00:59
ComboFix-quarantined-files.txt 2008-01-12 18:00:55
ComboFix2.txt 2008-01-12 17:48:08
ComboFix3.txt 2008-01-11 19:39:26
.
2008-01-09 08:02:36 --- E O F ---
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Re: Potentially Harmful Pop Ups!!!!!!

Unread postby Piankhi » January 12th, 2008, 2:16 pm

Jotti log is below:

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan:

Service
Service load:
0% 100%
File: 86681A87E8.sys Status:
OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 0641a46f1e58529a42ead4573a3a0861 Packers detected:
-
Bit9 reports: File not found
Scanner results
Scan taken on 12 Jan 2008 17:33:53 (GMT) AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing


Statistics
Last file scanned at least one scanner reported something about: NOD32.FiX.v3.0-aRC-R3XBR-nsane.exe (MD5: 2e8e89829a8dfaac5c94857ce8a2003a, size: 833775 bytes), detected by:
Scanner Malware name
AntiVir X
ArcaVir Trojan.Vb.Bla
Avast Win32:VB-CMP
AVG Antivirus Generic5.ITD
BitDefender X
ClamAV Trojan.VB-1495
CPsecure BackDoor.W32.Bandok.av
Dr.Web X
F-Prot Antivirus Possibly a new variant of W32/VB-EMU:VB-Dropper-based!Maximus
F-Secure Anti-Virus Trojan.Win32.VB.bla
Fortinet W32/VB.BLA!tr
Ikarus Backdoor.Win32.PoisonIvy.j
Kaspersky Anti-Virus Trojan.Win32.VB.bla
NOD32 probably a variant of Win32/VB
Norman Virus Control W32/PoisonIvy.AIV
Panda Antivirus X
Rising Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 Backdoor.Win32.PoisonIvy.j


You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Re: Potentially Harmful Pop Ups!!!!!!

Unread postby chryssi2001 » January 13th, 2008, 3:03 am

Hello Piankhi,

I keep getting a weird message I will type it now and then post the logs requested as well:
swreg.cfexe application error
instruction at ox7c9111de referenced memory at ox00200064 cannot be read.


I will check about the error and be back asap.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Potentially Harmful Pop Ups!!!!!!

Unread postby chryssi2001 » January 13th, 2008, 11:50 am

Hello Piankhi,

We'll fix that message you are getting, but not yet, it's nothing to worry about.
It will be gone after we remove Combofix.
Now i just need an Online scan to be sure there is no infection left.
Is the pc running ok now, if we disregard the message you are getting?
--------------------------------------------------------
There is a new update for Java. You updated after my instructions to Version 6 update 3. So now please update to Version 6 update 4 as per my instructions below.

Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 4.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Click on the link named Java Runtime Environment (JRE) 6 Update 4
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation, Multi-language and save the downloaded file to your hard disk
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer
--------------------------------------------------------
Run Kaspersky Online AV Scanner
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Potentially Harmful Pop Ups!!!!!!

Unread postby Piankhi » January 16th, 2008, 1:27 pm

I am having trouble downloading the Kaspersky Online AV Scanner I tried to adjust the window to 75% in order to help the accept button work but the screen doesn't adjust at all. When I click the accept button it doesn't work.

Besides the message I mentioned the computer is working much better than it was and I have stopped getting the pop ups I was getting before.
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Re: Potentially Harmful Pop Ups!!!!!!

Unread postby chryssi2001 » January 16th, 2008, 2:46 pm

Hello Piankhi,

No problem :). Please run Panda Online-Scan as per my instructions below.

PANDA ONLINE SCAN
Place a shortcut to Panda ActiveScan on your desktop.

Reboot back into Windows and click the Panda ActiveScan shortcut.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Potentially Harmful Pop Ups!!!!!!

Unread postby Piankhi » January 16th, 2008, 3:10 pm

New HJT Report Below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:21 PM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 11512 bytes
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Re: Potentially Harmful Pop Ups!!!!!!

Unread postby Piankhi » January 16th, 2008, 5:31 pm

Panda Online Scan Report below:

Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.go.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ixtd3alq.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Family\Cookies\family@ad.yieldmanager[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Family\Cookies\family@adserver.easyad[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Family\Cookies\family@go[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Family\Cookies\family@www.burstbeacon[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Family\Cookies\family@xiti[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Family\Desktop\ComboFix.exe[nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Family\Desktop\ComboFix.exe[nircmd.cfexe]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.com.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.www.burstbeacon.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.go.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[server.iad.liveperson.net/hc/73242375]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Buzztone Not disinfected C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\4n4dm75q.default\cookies.txt[www.buzztone.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Holly\Cookies\holly@ad.yieldmanager[4].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Holly\Cookies\holly@adserver.easyad[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Holly\Cookies\holly@apmebf[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Holly\Cookies\holly@apmebf[3].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Holly\Cookies\holly@azjmp[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Holly\Cookies\holly@azjmp[3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Holly\Cookies\holly@com[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Holly\Cookies\holly@gostats[1].txt
Spyware:Cookie/Maxifiles Not disinfected C:\Documents and Settings\Holly\Cookies\holly@goto.maxifiles[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Holly\Cookies\holly@go[2].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Holly\Cookies\holly@outster[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Holly\Cookies\holly@statcounter[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Holly\Cookies\holly@www3.addfreestats[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Holly\Cookies\holly@www6.addfreestats[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Holly\Cookies\holly@xiti[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Holly\Cookies\holly@xiti[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\ltcma5l4.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\ltcma5l4.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\ltcma5l4.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\ltcma5l4.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\ltcma5l4.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\ltcma5l4.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Khalif\Application Data\Mozilla\Firefox\Profiles\ltcma5l4.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Wesley\Cookies\wesley@apmebf[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Wesley\Cookies\wesley@com[1].txt
Possible Virus. Not disinfected C:\drivers\printer\964\apps\PrntToFx\BVRP\ENGLISH\Setup.exe
Possible Virus. Not disinfected C:\Program Files\Dell Photo AIO Printer 964\FaxTools\Install\Setup.exe
Possible Virus. Not disinfected C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\Setup.exe
Adware:Adware/PurityScan Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1560OinAdmin.exe.vir
Adware:Adware/Yazzle Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1560OinUninstaller.exe.vir
Adware:Adware/InternetSpeedMonitor Not disinfected C:\QooBox\Quarantine\C\Program Files\QdrPack\QdrPack11.exe.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Piankhi
Regular Member
 
Posts: 24
Joined: September 25th, 2007, 8:14 pm

Re: Potentially Harmful Pop Ups!!!!!!

Unread postby chryssi2001 » January 17th, 2008, 2:07 am

Thanks for the reports, i will be back asap :)
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 68 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware